CVE

CVE-2026-21685

iccDEV has Undefined Behavior in CIccTagLut16::Read()

CVE

CVE-2026-21685

iccDEV has Undefined Behavior in CIccTagLut16::Read()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read(). This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.1

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21685.json, https://github.com/InternationalColorConsortium/iccDEV/issues/213, https://github.com/InternationalColorConsortium/iccDEV/pull/223, https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3xr-6687-5c8p, https://nvd.nist.gov/vuln/detail/CVE-2026-21685

Severity

7.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.1

EPSS Probability

0.00101%

EPSS Percentile

0.28554%

Introduced Version

Fix Available

ad159eb00bf46fa17496a0f8c4cb49de8918062c

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-21685

CVE-2026-21685

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.1

Basic Information

Fix Critical Vulnerabilities Instantly